mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
35 lines
855 B
Go
35 lines
855 B
Go
|
package checker
|
||
|
|
|
||
|
|
import (
|
||
|
|
"context"
|
||
|
|
|
||
|
|
authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1"
|
||
|
|
)
|
||
|
|
|
||
|
|
// AuthResult contains authorization check result
|
||
|
|
type AuthResult struct {
|
||
|
|
Allowed bool
|
||
|
|
Reason string
|
||
|
|
EvaluationError string
|
||
|
|
}
|
||
|
|
|
||
|
|
// AuthChecker provides utility to check authorization
|
||
|
|
type AuthChecker interface {
|
||
|
|
// Check checks if the caller can perform an operation
|
||
|
|
Check(ctx context.Context, group, version, resource, subresource, namespace, verb string) (*AuthResult, error)
|
||
|
|
}
|
||
|
|
|
||
|
|
func NewSelfChecker(client authorizationv1client.SelfSubjectAccessReviewInterface) AuthChecker {
|
||
|
|
return self{
|
||
|
|
client: client,
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func NewSubjectChecker(client authorizationv1client.SubjectAccessReviewInterface, user string, groups []string) AuthChecker {
|
||
|
|
return subject{
|
||
|
|
client: client,
|
||
|
|
user: user,
|
||
|
|
groups: groups,
|
||
|
|
}
|
||
|
|
}
|